From f68d3fd9fad6a6351178417b212e9a9c9cc5b59d Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Fri, 6 Jan 2017 09:49:40 -0800 Subject: [PATCH] Revert "Remove SUBSYSLOCK" This reverts commit 386b137e9be50afbff777c66db14eb6a0468bf36. --- Shorewall-lite/install.sh | 9 ++++++--- Shorewall-lite/manpages/shorewall-lite.conf.xml | 14 ++++++++++++++ Shorewall-lite/shorewall-lite.conf | 2 ++ Shorewall/Perl/Shorewall/Config.pm | 10 +++++----- Shorewall/Perl/prog.footer | 11 +++++++++++ Shorewall/Samples/Universal/shorewall.conf | 2 ++ Shorewall/Samples/one-interface/shorewall.conf | 2 ++ Shorewall/Samples/three-interfaces/shorewall.conf | 2 ++ Shorewall/Samples/two-interfaces/shorewall.conf | 2 ++ Shorewall/configfiles/shorewall.conf | 2 ++ Shorewall/install.sh | 9 ++++++--- Shorewall/manpages/shorewall.conf.xml | 14 ++++++++++++++ Shorewall6-lite/manpages/shorewall6-lite.conf.xml | 14 ++++++++++++++ Shorewall6-lite/shorewall6-lite.conf | 2 ++ Shorewall6/Samples6/Universal/shorewall6.conf | 2 ++ Shorewall6/Samples6/one-interface/shorewall6.conf | 2 ++ .../Samples6/three-interfaces/shorewall6.conf | 2 ++ Shorewall6/Samples6/two-interfaces/shorewall6.conf | 2 ++ Shorewall6/configfiles/shorewall6.conf | 2 ++ Shorewall6/manpages/shorewall6.conf.xml | 14 ++++++++++++++ 20 files changed, 108 insertions(+), 11 deletions(-) diff --git a/Shorewall-lite/install.sh b/Shorewall-lite/install.sh index bc9a36881..adc239083 100755 --- a/Shorewall-lite/install.sh +++ b/Shorewall-lite/install.sh @@ -426,6 +426,9 @@ fi if [ $HOST = archlinux ] ; then sed -e 's!LOGFILE=/var/log/messages!LOGFILE=/var/log/messages.log!' -i ${DESTDIR}${CONFDIR}/$PRODUCT/$PRODUCT.conf +elif [ $HOST = gentoo ]; then + # Adjust SUBSYSLOCK path (see https://bugs.gentoo.org/show_bug.cgi?id=459316) + perl -p -w -i -e "s|^SUBSYSLOCK=.*|SUBSYSLOCK=/run/lock/$PRODUCT|;" ${DESTDIR}${CONFDIR}/$PRODUCT/$PRODUCT.conf fi # # Install the default config path file 
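Review bot: The gentoo branch added in the Shorewall-lite/install.sh hunk at -426,6 writes the Perl program in double quotes, so the shell expands `$PRODUCT` into the substitution before Perl parses it, and the target path is left unquoted. A product name or DESTDIR containing `|`, `@`, `$` or whitespace would alter the expression or split the file argument, in an installer that normally runs as root. Passing the value through the environment keeps the Perl code constant: `PRODUCT="$PRODUCT" perl -p -w -i -e 's|^SUBSYSLOCK=.*|SUBSYSLOCK=/run/lock/$ENV{PRODUCT}|;' "${DESTDIR}${CONFDIR}/$PRODUCT/$PRODUCT.conf"`. An equivalent line, with `${suffix}` appended to the path, is added in the gentoo branch of Shorewall/install.sh (hunk at -540,6).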
@@ -560,7 +563,7 @@ if [ $configure -eq 1 -a -z "$DESTDIR" -a -n "$first_install" -a -z "${cygwin}${ if [ $HOST = debian ]; then echo "Set startup=1 in ${CONFDIR}/default/$PRODUCT to enable" touch /var/log/$PRODUCT-init.log - perl -p -w -i -e 's/^STARTUP_ENABLED=No/STARTUP_ENABLED=Yes/;s/^IP_FORWARDING=On/IP_FORWARDING=Keep/;' ${CONFDIR}/$PRODUCT/$PRODUCT.conf + perl -p -w -i -e 's/^STARTUP_ENABLED=No/STARTUP_ENABLED=Yes/;s/^IP_FORWARDING=On/IP_FORWARDING=Keep/;s/^SUBSYSLOCK=.*/SUBSYSLOCK=/;' ${CONFDIR}/$PRODUCT/$PRODUCT.conf else echo "Set STARTUP_ENABLED=Yes in ${CONFDIR}/$PRODUCT/$PRODUCT.conf to enable" fi @@ -579,7 +582,7 @@ if [ $configure -eq 1 -a -z "$DESTDIR" -a -n "$first_install" -a -z "${cygwin}${ echo "$PRODUCT will start automatically at boot" echo "Set startup=1 in ${CONFDIR}/default/$PRODUCT to enable" touch /var/log/$PRODUCT-init.log - perl -p -w -i -e 's/^STARTUP_ENABLED=No/STARTUP_ENABLED=Yes/;s/^IP_FORWARDING=On/IP_FORWARDING=Keep/;' ${CONFDIR}/$PRODUCT/$PRODUCT.conf + perl -p -w -i -e 's/^STARTUP_ENABLED=No/STARTUP_ENABLED=Yes/;s/^IP_FORWARDING=On/IP_FORWARDING=Keep/;s/^SUBSYSLOCK=.*/SUBSYSLOCK=/;' ${CONFDIR}/$PRODUCT/$PRODUCT.conf update-rc.d $PRODUCT enable elif mywhich rc-update ; then if rc-update add $PRODUCT default; then @@ -587,7 +590,7 @@ if [ $configure -eq 1 -a -z "$DESTDIR" -a -n "$first_install" -a -z "${cygwin}${ if [ $HOST = debian ]; then echo "Set startup=1 in ${CONFDIR}/default/$PRODUCT to enable" touch /var/log/$PRODUCT-init.log - perl -p -w -i -e 's/^STARTUP_ENABLED=No/STARTUP_ENABLED=Yes/;s/^IP_FORWARDING=On/IP_FORWARDING=Keep/;' ${CONFDIR}/$PRODUCT/$PRODUCT.conf + perl -p -w -i -e 's/^STARTUP_ENABLED=No/STARTUP_ENABLED=Yes/;s/^IP_FORWARDING=On/IP_FORWARDING=Keep/;s/^SUBSYSLOCK=.*/SUBSYSLOCK=/;' ${CONFDIR}/$PRODUCT/$PRODUCT.conf else echo "Set STARTUP_ENABLED=Yes in ${CONFDIR}/$PRODUCT/$PRODUCT.conf to enable" fi 
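Review bot: The three `perl -p -w -i` lines changed in this file (hunks at -560,7, -579,7 and -587,7) now blank SUBSYSLOCK on Debian, but the manpage text restored by the same commit tells Debian users the value is `/var/state/shorewall` (lite manpages) or `/var/lock/shorewall`, so the installer and the documentation disagree. If the reason is that the Debian init script does not use a lock file (not visible in these hunks), a comment above each line would record it, for example `# Debian: no subsys lock file is used; clear the packaged default`. The same edit is made in Shorewall/install.sh (hunks at -1219,7, -1238,7 and -1246,7). The enclosing `if [ $configure -eq 1 ...` block starts and ends outside the hunks.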
diff --git a/Shorewall-lite/manpages/shorewall-lite.conf.xml b/Shorewall-lite/manpages/shorewall-lite.conf.xml index 692ccba86..325789d1a 100644 --- a/Shorewall-lite/manpages/shorewall-lite.conf.xml +++ b/Shorewall-lite/manpages/shorewall-lite.conf.xml @@ -133,6 +133,20 @@ + + SUBSYSLOCK=[pathname] + + + This parameter should be set to the name of a file that the + firewall should create if it starts successfully and remove when it + stops. Creating and removing this file allows Shorewall to work with + your distribution's initscripts. For RedHat, this should be set to + /var/lock/subsys/shorewall. For Debian, the value is + /var/state/shorewall and in LEAF it is /var/run/shorewall. + + + VERBOSITY=[number] diff --git a/Shorewall-lite/shorewall-lite.conf b/Shorewall-lite/shorewall-lite.conf index 7387fb519..83caf10fd 100644 --- a/Shorewall-lite/shorewall-lite.conf +++ b/Shorewall-lite/shorewall-lite.conf @@ -40,6 +40,8 @@ PATH= SHOREWALL_SHELL= +SUBSYSLOCK= + RESTOREFILE= #LAST LINE -- DO NOT REMOVE diff --git a/Shorewall/Perl/Shorewall/Config.pm b/Shorewall/Perl/Shorewall/Config.pm index d1ca4a64f..8e2fa583e 100644 --- a/Shorewall/Perl/Shorewall/Config.pm +++ b/Shorewall/Perl/Shorewall/Config.pm @@ -315,7 +315,7 @@ our %renamed = ( AUTO_COMMENT => 'AUTOCOMMENT', BLACKLIST_LOGLEVEL => 'BLACKLIST # # Config options and global settings that are to be copied to output script # -our @propagateconfig = qw/ DISABLE_IPV6 MODULESDIR MODULE_SUFFIX LOAD_HELPERS_ONLY LOCKFILE LOG_VERBOSITY RESTART/; +our @propagateconfig = qw/ DISABLE_IPV6 MODULESDIR MODULE_SUFFIX LOAD_HELPERS_ONLY LOCKFILE SUBSYSLOCK LOG_VERBOSITY RESTART/; # # From parsing the capabilities file or detecting capabilities # 
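Review bot: Adding SUBSYSLOCK to `@propagateconfig` (Config.pm hunk at -315,7) copies the configured string into the generated script, where prog.footer passes it to `touch` and `rm -f`, and no check of the value is visible in any of the Config.pm hunks. If validation does not already exist elsewhere in the file, the option should be rejected when read unless it is an absolute path made of ordinary filename characters, so that a malformed setting fails at compile time rather than in the running script. At minimum, a comment above the list would state the constraint: `# SUBSYSLOCK is used as a file path by the generated script; it must be an absolute path with no whitespace or shell metacharacters`.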
@@ -636,15 +636,14 @@ our %converted = ( # Eliminated options # our %eliminated = ( LOGRATE => 1, - LOGBURST => 1, + LOGBURST => 1, EXPORTPARAMS => 1, LEGACY_FASTSTART => 1, - IPSECFILE => 1, + IPSECFILE => 1, WIDE_TC_MARKS => 1, HIGH_ROUTE_MARKS => 1, BLACKLISTNEWONLY => 1, CHAIN_SCRIPTS => 1, - SUBSYSLOCK => 1, ); # # Variables involved in ?IF, ?ELSE ?ENDIF processing @@ -802,6 +801,7 @@ sub initialize( $;$$) { PERL => undef, PATH => undef, SHOREWALL_SHELL => undef, + SUBSYSLOCK => undef, MODULESDIR => undef, CONFIG_PATH => undef, RESTOREFILE => undef, @@ -6805,7 +6805,7 @@ sub generate_aux_config() { emit "#\n# Shorewall auxiliary configuration file created by Shorewall version $globals{VERSION} - $date\n#"; - for my $option ( qw(VERBOSITY LOGFILE LOGFORMAT ARPTABLES IPTABLES IP6TABLES IP TC IPSET PATH SHOREWALL_SHELL LOCKFILE RESTOREFILE WORKAROUNDS RESTART DYNAMIC_BLACKLIST) ) { + for my $option ( qw(VERBOSITY LOGFILE LOGFORMAT ARPTABLES IPTABLES IP6TABLES IP TC IPSET PATH SHOREWALL_SHELL SUBSYSLOCK LOCKFILE RESTOREFILE WORKAROUNDS RESTART DYNAMIC_BLACKLIST) ) { conditionally_add_option $option; } diff --git a/Shorewall/Perl/prog.footer b/Shorewall/Perl/prog.footer index 38cce0c9e..e5c81f5e7 100644 --- a/Shorewall/Perl/prog.footer +++ b/Shorewall/Perl/prog.footer @@ -49,6 +49,7 @@ start_command() { define_firewall status=$? if [ $status -eq 0 ]; then + [ -n "$SUBSYSLOCK" ] && touch $SUBSYSLOCK progress_message3 "done." fi fi @@ -60,6 +61,7 @@ stop_command() { progress_message3 "Stopping $g_product...." detect_configuration stop_firewall + [ -n "$SUBSYSLOCK" ] && rm -f $SUBSYSLOCK progress_message3 "done." return 0 } @@ -76,6 +78,9 @@ reload_command() { detect_configuration define_firewall status=$? + if [ -n "$SUBSYSLOCK" ]; then + [ $status -eq 0 ] && touch $SUBSYSLOCK || rm -f $SUBSYSLOCK + fi [ $status -eq 0 ] && progress_message3 "done." } 
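Review bot: `$SUBSYSLOCK` is expanded unquoted in the `touch` added to start_command (prog.footer hunk at -49,6), and again in stop_command, reload_command and the two `case "$COMMAND"` hunks at -334,6 and -341,6, so a value containing whitespace or glob characters is split or expanded before `touch` or `rm -f` runs. Quote every use: `[ -n "$SUBSYSLOCK" ] && touch "$SUBSYSLOCK"` and `rm -f "$SUBSYSLOCK"`. Separately, `touch` follows symbolic links, so the configured path should sit in a directory that only root can write; some distributions make the lock directory world-writable, which cannot be judged from these hunks. The function bodies start and end outside the hunks.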
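Review bot: In reload_command (prog.footer hunk at -76,6), `[ $status -eq 0 ] && touch $SUBSYSLOCK || rm -f $SUBSYSLOCK` is not an if/else: when the reload succeeds but `touch` fails, the `rm -f` branch also runs and the failure is never reported. An explicit form states the intent and leaves room to log a failed `touch`: `if [ $status -eq 0 ]; then touch "$SUBSYSLOCK"; else rm -f "$SUBSYSLOCK"; fi`. The same construct is added in the `case "$COMMAND"` hunk at -334,6.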
@@ -334,6 +339,9 @@ case "$COMMAND" in detect_configuration define_firewall status=$? + if [ -n "$SUBSYSLOCK" ]; then + [ $status -eq 0 ] && touch $SUBSYSLOCK || rm -f $SUBSYSLOCK + fi [ $status -eq 0 ] && progress_message3 "done." ;; clear) @@ -341,6 +349,9 @@ case "$COMMAND" in progress_message3 "Clearing $g_product...." clear_firewall status=0 + if [ -n "$SUBSYSLOCK" ]; then + rm -f $SUBSYSLOCK + fi progress_message3 "done." ;; status) diff --git a/Shorewall/Samples/Universal/shorewall.conf b/Shorewall/Samples/Universal/shorewall.conf index 7009cdb62..ed9a3c0c5 100644 --- a/Shorewall/Samples/Universal/shorewall.conf +++ b/Shorewall/Samples/Universal/shorewall.conf @@ -99,6 +99,8 @@ RESTOREFILE=restore SHOREWALL_SHELL=/bin/sh +SUBSYSLOCK= + TC= ############################################################################### diff --git a/Shorewall/Samples/one-interface/shorewall.conf b/Shorewall/Samples/one-interface/shorewall.conf index 414d401e0..5aaf63567 100644 --- a/Shorewall/Samples/one-interface/shorewall.conf +++ b/Shorewall/Samples/one-interface/shorewall.conf @@ -110,6 +110,8 @@ RESTOREFILE=restore SHOREWALL_SHELL=/bin/sh +SUBSYSLOCK= + TC= ############################################################################### diff --git a/Shorewall/Samples/three-interfaces/shorewall.conf b/Shorewall/Samples/three-interfaces/shorewall.conf index d803c4192..a6320090b 100644 --- a/Shorewall/Samples/three-interfaces/shorewall.conf +++ b/Shorewall/Samples/three-interfaces/shorewall.conf @@ -107,6 +107,8 @@ RESTOREFILE=restore SHOREWALL_SHELL=/bin/sh +SUBSYSLOCK= + TC= ############################################################################### diff --git a/Shorewall/Samples/two-interfaces/shorewall.conf b/Shorewall/Samples/two-interfaces/shorewall.conf index 92378ce2f..6f8ba4cd5 100644 --- a/Shorewall/Samples/two-interfaces/shorewall.conf +++ b/Shorewall/Samples/two-interfaces/shorewall.conf 
@@ -110,6 +110,8 @@ RESTOREFILE=restore SHOREWALL_SHELL=/bin/sh +SUBSYSLOCK= + TC= ############################################################################### diff --git a/Shorewall/configfiles/shorewall.conf b/Shorewall/configfiles/shorewall.conf index a6bbdf6fa..b124e251f 100644 --- a/Shorewall/configfiles/shorewall.conf +++ b/Shorewall/configfiles/shorewall.conf @@ -99,6 +99,8 @@ RESTOREFILE=restore SHOREWALL_SHELL=/bin/sh +SUBSYSLOCK=/var/lock/subsys/shorewall + TC= ############################################################################### diff --git a/Shorewall/install.sh b/Shorewall/install.sh index 50f94667a..cc9ef41d9 100755 --- a/Shorewall/install.sh +++ b/Shorewall/install.sh @@ -540,6 +540,9 @@ if [ ! -f ${DESTDIR}${CONFDIR}/$PRODUCT/$PRODUCT.conf ]; then sed -e 's!LOGFILE=/var/log/messages!LOGFILE=/var/log/messages.log!' -i ${DESTDIR}${CONFDIR}/$PRODUCT/$PRODUCT.conf elif [ $HOST = debian ]; then perl -p -w -i -e 's|^STARTUP_ENABLED=.*|STARTUP_ENABLED=Yes|;' ${DESTDIR}${CONFDIR}/$PRODUCT/$PRODUCT.conf${suffix} + elif [ $HOST = gentoo ]; then + # Adjust SUBSYSLOCK path (see https://bugs.gentoo.org/show_bug.cgi?id=459316) + perl -p -w -i -e "s|^SUBSYSLOCK=.*|SUBSYSLOCK=/run/lock/$PRODUCT|;" ${DESTDIR}${CONFDIR}/$PRODUCT/$PRODUCT.conf${suffix} fi echo "Config file installed as ${DESTDIR}${CONFDIR}/$PRODUCT/$PRODUCT.conf" @@ -1219,7 +1222,7 @@ if [ $configure -eq 1 -a -z "$DESTDIR" -a -n "$first_install" -a -z "${cygwin}${ if [ $HOST = debian ]; then echo "Set startup=1 in ${CONFDIR}/default/$PRODUCT to enable" touch /var/log/$PRODUCT-init.log - perl -p -w -i -e 's/^STARTUP_ENABLED=No/STARTUP_ENABLED=Yes/;s/^IP_FORWARDING=On/IP_FORWARDING=Keep/;' ${CONFDIR}/$PRODUCT/$PRODUCT.conf + perl -p -w -i -e 's/^STARTUP_ENABLED=No/STARTUP_ENABLED=Yes/;s/^IP_FORWARDING=On/IP_FORWARDING=Keep/;s/^SUBSYSLOCK=.*/SUBSYSLOCK=/;' ${CONFDIR}/$PRODUCT/$PRODUCT.conf else echo "Set STARTUP_ENABLED=Yes in ${CONFDIR}/$PRODUCT/$PRODUCT.conf to enable" fi 
@@ -1238,7 +1241,7 @@ if [ $configure -eq 1 -a -z "$DESTDIR" -a -n "$first_install" -a -z "${cygwin}${ echo "$PRODUCT will start automatically at boot" echo "Set startup=1 in ${CONFDIR}/default/$PRODUCT to enable" touch /var/log/$PRODUCT-init.log - perl -p -w -i -e 's/^STARTUP_ENABLED=No/STARTUP_ENABLED=Yes/;s/^IP_FORWARDING=On/IP_FORWARDING=Keep/;' ${CONFDIR}/$PRODUCT/$PRODUCT.conf + perl -p -w -i -e 's/^STARTUP_ENABLED=No/STARTUP_ENABLED=Yes/;s/^IP_FORWARDING=On/IP_FORWARDING=Keep/;s/^SUBSYSLOCK=.*/SUBSYSLOCK=/;' ${CONFDIR}/$PRODUCT/$PRODUCT.conf update-rc.d $PRODUCT enable elif mywhich rc-update ; then if rc-update add $PRODUCT default; then @@ -1246,7 +1249,7 @@ if [ $configure -eq 1 -a -z "$DESTDIR" -a -n "$first_install" -a -z "${cygwin}${ if [ $HOST = debian ]; then echo "Set startup=1 in ${CONFDIR}/default/$PRODUCT to enable" touch /var/log/$PRODUCT-init.log - perl -p -w -i -e 's/^STARTUP_ENABLED=No/STARTUP_ENABLED=Yes/;s/^IP_FORWARDING=On/IP_FORWARDING=Keep/;' ${CONFDIR}/$PRODUCT/$PRODUCT.conf + perl -p -w -i -e 's/^STARTUP_ENABLED=No/STARTUP_ENABLED=Yes/;s/^IP_FORWARDING=On/IP_FORWARDING=Keep/;s/^SUBSYSLOCK=.*/SUBSYSLOCK=/;' ${CONFDIR}/$PRODUCT/$PRODUCT.conf else echo "Set STARTUP_ENABLED=Yes in ${CONFDIR}/$PRODUCT/$PRODUCT.conf to enable" fi diff --git a/Shorewall/manpages/shorewall.conf.xml b/Shorewall/manpages/shorewall.conf.xml index 1ba950276..6104edfe6 100644 --- a/Shorewall/manpages/shorewall.conf.xml +++ b/Shorewall/manpages/shorewall.conf.xml @@ -2562,6 +2562,20 @@ INLINE - - - ;; -j REJECT + + SUBSYSLOCK=[pathname] + + + This parameter should be set to the name of a file that the + firewall should create if it starts successfully and remove when it + stops. Creating and removing this file allows Shorewall to work with + your distribution's initscripts. For RedHat and OpenSuSE, this + should be set to /var/lock/subsys/shorewall. For Debian, the value + is /var/lock/shorewall and in LEAF it is /var/run/shorewall. + + + TC=[pathname] 
diff --git a/Shorewall6-lite/manpages/shorewall6-lite.conf.xml b/Shorewall6-lite/manpages/shorewall6-lite.conf.xml index 9840a6fbb..bf846770a 100644 --- a/Shorewall6-lite/manpages/shorewall6-lite.conf.xml +++ b/Shorewall6-lite/manpages/shorewall6-lite.conf.xml @@ -133,6 +133,20 @@ + + SUBSYSLOCK=[pathname] + + + This parameter should be set to the name of a file that the + firewall should create if it starts successfully and remove when it + stops. Creating and removing this file allows Shorewall6 to work + with your distribution's initscripts. For RedHat, this should be set + to /var/lock/subsys/shorewall6. For Debian, the value is + /var/state/shorewall6 and in LEAF it is /var/run/shorewall. + + + VERBOSITY=[number] diff --git a/Shorewall6-lite/shorewall6-lite.conf b/Shorewall6-lite/shorewall6-lite.conf index b057c0cd1..3a9159da8 100644 --- a/Shorewall6-lite/shorewall6-lite.conf +++ b/Shorewall6-lite/shorewall6-lite.conf @@ -40,6 +40,8 @@ PATH= SHOREWALL_SHELL= +SUBSYSLOCK= + RESTOREFILE= #LAST LINE -- DO NOT REMOVE diff --git a/Shorewall6/Samples6/Universal/shorewall6.conf b/Shorewall6/Samples6/Universal/shorewall6.conf index c95a2c049..f04b486b2 100644 --- a/Shorewall6/Samples6/Universal/shorewall6.conf +++ b/Shorewall6/Samples6/Universal/shorewall6.conf @@ -96,6 +96,8 @@ RESTOREFILE=restore SHOREWALL_SHELL=/bin/sh +SUBSYSLOCK= + TC= ############################################################################### diff --git a/Shorewall6/Samples6/one-interface/shorewall6.conf b/Shorewall6/Samples6/one-interface/shorewall6.conf index eb1ea68a2..45fbbda26 100644 --- a/Shorewall6/Samples6/one-interface/shorewall6.conf +++ b/Shorewall6/Samples6/one-interface/shorewall6.conf @@ -97,6 +97,8 @@ RESTOREFILE=restore SHOREWALL_SHELL=/bin/sh +SUBSYSLOCK= + TC= ############################################################################### 
diff --git a/Shorewall6/Samples6/three-interfaces/shorewall6.conf b/Shorewall6/Samples6/three-interfaces/shorewall6.conf index f7002b1c4..57231364e 100644 --- a/Shorewall6/Samples6/three-interfaces/shorewall6.conf +++ b/Shorewall6/Samples6/three-interfaces/shorewall6.conf @@ -96,6 +96,8 @@ RESTOREFILE=restore SHOREWALL_SHELL=/bin/sh +SUBSYSLOCK= + TC= ############################################################################### diff --git a/Shorewall6/Samples6/two-interfaces/shorewall6.conf b/Shorewall6/Samples6/two-interfaces/shorewall6.conf index eb6cae488..92b0744e7 100644 --- a/Shorewall6/Samples6/two-interfaces/shorewall6.conf +++ b/Shorewall6/Samples6/two-interfaces/shorewall6.conf @@ -96,6 +96,8 @@ RESTOREFILE=restore SHOREWALL_SHELL=/bin/sh +SUBSYSLOCK= + TC= ############################################################################### diff --git a/Shorewall6/configfiles/shorewall6.conf b/Shorewall6/configfiles/shorewall6.conf index 9b8a9bb59..0ad266ca8 100644 --- a/Shorewall6/configfiles/shorewall6.conf +++ b/Shorewall6/configfiles/shorewall6.conf @@ -96,6 +96,8 @@ RESTOREFILE=restore SHOREWALL_SHELL=/bin/sh +SUBSYSLOCK=/var/lock/subsys/shorewall6 + TC= ############################################################################### diff --git a/Shorewall6/manpages/shorewall6.conf.xml b/Shorewall6/manpages/shorewall6.conf.xml index 22fff0f4c..5978725a2 100644 --- a/Shorewall6/manpages/shorewall6.conf.xml +++ b/Shorewall6/manpages/shorewall6.conf.xml @@ -2197,6 +2197,20 @@ INLINE - - - ;; -j REJECT + + SUBSYSLOCK=[pathname] + + + This parameter should be set to the name of a file that the + firewall should create if it starts successfully and remove when it + stops. Creating and removing this file allows Shorewall6 to work + with your distribution's initscripts. For RedHat, this should be set + to /var/lock/subsys/shorewall6. For Debian, the value is + /var/lock/shorewall6 and in LEAF it is /var/run/shorewall. + + + TC=[pathname]